Will 2012 REALLY be the year of the cyberwar?

The cyberwar discussion is mired in confusion.

What defines an act of cyberwar? Is it a sophisticated hack from China or Russia that shuts down the U.S. power grid? Is it a rogue group like Anonymous breaking into government sites? Is it all the spying China has been doing for several years now? And what about Stuxnet and Duqu? Were those creations an act of war by the U.S. and Israel against Iran? Does a cyberwar involve government and military sites only or does it include the networks of private enterprise as well?


The debate will continue to limp along in 2012. Don't expect a clearer definition, because you probably won't get one. Still, on a much smaller, targeted scale, we have plenty of evidence that online battlefields between nations aren't beyond reality. Instead of waiting for the perfect metrics and verbiage, we may as well accept that the tools and know-how for cyberwar already exist and plan our defenses accordingly.

Spy vs. spy

Clearly, governments have been using hackers to spy on other countries via weaknesses in computing infrastructure for years now. Back in 2009, colleague Grant Gross wrote about cyberspies from China, Russia and elsewhere gaining access to the U.S. electrical grid and installing malware tools designed to terminate service. One could interpret those actions as an act of war, though it's difficult to know for certain what the motives were.

Just a couple of weeks ago, colleague Jeremy Kirk wrote about a report in which the Office of the National Counterintelligence Executive warned of more aggressive spying in the coming months. Specifically, he wrote, the U.S. can expect more aggressive efforts from countries such as Russia and China to collect information through cyberespionage in areas such as pharmaceuticals, defense and manufacturing.

"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report said. "Russia's intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets."

Lack of preparedness

CSO correspondent George V. Hulme has spent a lot of time researching the issue this past year. In one article, he asks, "If Stuxnet was an act of cyberwar, is the U.S. ready for a response?"

The short answer from security experts was no.

"The biggest challenge we face isn't that we're not ready for a Stuxnet. The biggest problem we face is that we're not really ready for anything. If you were to do a pen test -- and there's plenty of research out there to support this -- most utility companies are extremely vulnerable," says Eric Knapp, director of critical infrastructure markets at NitroSecurity.

We got a reminder of that reality last week, when hackers reportedly launched a digital attack that destroyed a water pump in Springfield, Illinois, and then took aim at the SCADA system of Houston's water supply network.

What to do?

Fortunately, there are already steps we can take to harden our defenses. David Marcus, director of security research at McAfee, wrote about the incidents in his blog, saying it's no more difficult to attack a SCADA network or system than it is to attack any other system. It's always just a matter of time, he writes, adding:

"Certainly we may see more SCADA-based or SCADA-focused attacks in the future. Attackers tend to target systems that can be successfully compromised, and recent history has shown that these systems are at least as vulnerable as other types of networked systems." But that isn't really the point, he said. "In my mind, the second question often morphs into 'How do we know they are not already compromised and actively under attack now?'"

Assuming we are, he suggested a few things individual SCADA admins can do:

  • Include "cyber" in all risk management
  • Set up extensive penetration testing
  • Set up extensive counter-social engineering training
  • Put a SCADA-specific CERT plan and team in place
  • Network with law enforcement at all levels
  • Expect to get attacked and take appropriate countermeasures

Though this advice was offered to SCADA admins, it applies just as well to the wider challenge of protecting network infrastructure.

Know what you're talking about

The greatest challenge, perhaps, is getting our definition of cyberwar straight. I'm one of the first to admit that I don't have my own act together on this yet. But as I work on that, I have plenty of good resources to draw from. One is a column Brian Krebs wrote for us around this time last year called "The cyberwar will not be streamed."

In it, he warned against the careless use of cyberwar terminology in the wake of Wikileaks. He wrote:

I hope the media will exercise a bit more restraint in tossing around volatile terms like cyberwar, particularly to describe the antics of a group that has a well-earned reputation for attention-grabbing stunts and lampooning just about everything. At best, such flattery may only encourage copycat attacks; at worst, it trivializes the far more serious issues raised by the Wikileaks scandal.

One thing is certain about the coming year. Whether or not we can see things that are easily defined as cyberwarfare, things will no doubt be getting more interesting. Hopefully, we're better prepared than this time last year.

Stories by Bill Brenner